This article describes Advanced Compliance for Zendesk.
This article includes the following sections:
- Health Insurance Portability and Accountability Act (HIPAA)
- About Advanced Compliance
- Zendesk services eligible for coverage by the BAA
About the Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA) is a set of rules and regulations passed by the U.S. Congress designed to protect the privacy and security of individuals’ personal health information (PHI) and electronic personal health information (ePHI).
HIPAA applies to providers of health care, health plans, and health care clearinghouse services. These providers are required to handle patient personal health information (PHI/ePHI) in a way that meets defined security standards. When providers, known as covered entities, use third-party vendors or services where personal health information might be stored, those vendors or services, known as business associates, need to adhere to the HIPAA standards as well. This agreement is contractually defined in a Business Associate Agreement (BAA).
About Advanced Compliance
With Advanced Compliance, you have the ability to enter into a Business Associate Agreement (BAA) with Zendesk to cover use cases where Protected Health Information (PHI) may exist within Zendesk Service Data. Additionally, Zendesk will provide you with recommended security configuration options to assist you in safeguarding PHI in your account as required by HIPAA.
With the purchase of Advanced Compliance, either directly or through the purchase of a plan that includes the Advanced Compliance add-on, Zendesk customers can sign Zendesk’s BAA. You can review and sign the BAA, via DocuSign, here: https://www.zendesk.com/company/business-associate-agreement/.
Advanced Compliance and the BAA only apply to features and functionality that are expressly stated to form part of the “Covered Services” in the BAA. Additionally, Advanced Compliance and the BAA do not apply to certain products, services, and features as further detailed in the BAA and on this page. For the current list of Covered Services, see Zendesk Services eligible for coverage by the BAA, below.
Zendesk services eligible for coverage by the BAA
For customers who have purchased the Support Advanced Compliance add-on, or are entitled to the Advanced Compliance add-on within their Zendesk Suite Service Plan, and have executed a BAA with Zendesk, the following tables show the current list of HIPAA Enabled Service Plans, the applicable Services covered by the BAA under that Service Plan, and the add-ons available for use with the HIPAA Enabled Service Plans.
| HIPAA Enabled Service Plans | BAA Covered Services |
| Zendesk Suite Professional or Enterprise |
Support (Ticketing System Functionality) Guide (Help Center Functionality) Gather (Community Forum Functionality) Chat (Live Chat Functionality) and Zendesk messaging Explore (Analytics Functionality) Talk (Voice Functionality), excluding Text Sunshine Conversations within Zendesk Suite |
| Zendesk Enterprise Support (current and legacy plans) |
Enterprise Support (Ticketing System Functionality) Guide (legacy) (Help Center Functionality) Gather (legacy) (Community Forum Functionality) Enterprise Chat (Live Chat Functionality) and Zendesk messaging Explore (legacy) (Analytics Functionality) |
| Zendesk Talk Enterprise, Professional, or Advanced (legacy plans) | Talk (Voice Functionality), excluding Text |
| HIPAA Enabled Add-Ons (current plans) | HIPAA Enabled Add-Ons (legacy plans) |
| Advanced Data Privacy and Protection | Productivity Pack (legacy) |
| Copilot | Collaboration (legacy) |
| Agent Months | Unlimited Multibrand (legacy) |
| Voice usage credits | More Storage (legacy) |
| Premium Sandbox | Priority Support (legacy) |
| More Storage | Enhanced Disaster Recovery (legacy) |
| Answer Bot resolution | Advanced Compliance (legacy) |
| High volume API | Data Center Location (legacy) |
| Sunshine conversations MAU | |
| Sunshine conversations notifications | |
| Workforce Management (WFM) | |
| Zendesk Quality assurance (QA) | |
| AI Agents - Advanced |
Any identified limitations on the ability to use specific features or functionality found within the Covered Services and HIPAA-enabled Add-Ons in compliance with HIPAA will be published in the recommended security configurations described below.
Any other Zendesk products or third party services (including legacy standalone Sunshine Conversations; integrations, including with social media messaging channels; or Marketplace applications) are not HIPAA-enabled. For additional exceptions see Exceptions to additional security functionality.
To review our recommended security configurations for HIPAA-enabled accounts, see Security configuration requirements for HIPAA-enabled accounts on Zendesk.
Zendesk security configurations may change from time-to-time due to changes in law and regulation and changes to the Zendesk Service. Zendesk recommends that you Follow this article to be apprised of any changes. For further security information, contact Zendesk Security.
For more information on HIPAA, refer to the attachments below or contact Zendesk Security for additional details regarding the specifics of Zendesk's HIPAA program.
Topic attachments